======================================================================== SECURITY ADVISER: P.J. CONNOLLY http://www.infoworld.com ======================================================================== Thursday, October 14, 2004
Network protection commentary by: P.J. Connolly TAKING A CHANCE ON HACKERS By P.J. Connolly Posted October 08, 2004 3:00 PM Pacific Time Politician Henry L. Stimson once said, "The chief lesson I have learned in a long life is that the only way you can make a man trustworthy is to trust him; and the surest way to make him untrustworthy is to distrust him and show your distrust." ADVERTISEMENT -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- McAfee Secure-1 automates your security management. Now smaller companies can easily and affordably automate their security management. McAfee(r) Secure-1 delivers an integrated solution that combines a high-performance firewall appliance with managed virus protection. With easy installation and automatic updates, McAfee Secure-1 automates your security while assuring secure remote access, freeing you to focus on growing your business. Find out more and get your free security checklist and a special e-book bonus at http://newsletter.infoworld.com/t?ctl=94EB12:2B910B2 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- This quotation came to mind a couple of weeks ago when I read that the author of the Sasser worm had been hired to work as a security programmer by a German outfit. Now that the hand-wringing has subsided, think about it rationally: What else is Sven Jaschan qualified to do for a living? If everyone who's ever misused a computer in a felony-grade rap is blackballed from working in the field, the best opportunity possible for rehabilitating these people is lost. Some people may put words in my mouth and imply that I believe computer-related crimes deserve nothing more than a slap on the wrist. They couldn't be more wrong. Use of a computer to defraud should be treated as sternly as any white-collar crime. Well, maybe that's not the best example. What Jaschan did was well-intentioned, but it was also dumb and destructive. If one changes a few of the details, it feels just like 1988, when Robert T. Morris unleashed the first sendmail worm. Morris certainly meant no harm, and Jaschan was actually trying to remedy the effects of two other viruses current at the time. Motive is always a mitigating factor; it's a matter of context. But more importantly, it's about simple humanity. I've had to ask for forgiveness before, and I'll have to do it again; who among us will never be in that boat? Anyone? Bueller? Under proper supervision, the kid could contribute a great deal to the never-ending task of hardening the Internet. I applaud his new employers -- German firewall developers Securepoint -- for taking a risk, and even if some of their motivation was to get a little free ink, it's still a noble gesture. Now all Jaschan has to do is stay out of trouble. For his sake, I hope he can because I don't like to give third tries or, as the saying goes, "Fool me once, shame on you; fool me twice, shame on me." There's another good reason for making sure Jaschan and people like him can earn as much money as they can -- how better can they make restitution to the people they hurt? Flipping burgers isn't going to cover the bill, after all. This isn't about rewarding people like Sven Jaschan, as some have claimed. It's about giving them the chance to atone for their deeds, to make their victims whole, and to redeem their good names. I imagine anyone reading this column would appreciate an opportunity to do the same, in similar circumstances. P.J. Connolly is a senior analyst at the InfoWorld Test Center. ======================================================================== Ever wonder how others keep up with web services? Your peers will tell you, although your competitors probably won't. This is how more than 63,000 people keep up with the fast-moving news about web services: the Web Services Report newsletter. Scan its quick summaries of the week's biggest news in web services, then move on or click through for the full story. It may not be the only way to keep up with web services, but it's the easiest. Subscribe at http://newsletter.infoworld.com/t?ctl=94EB0E:2B910B2 ADVERTISE ======================================================================== For information on advertising, contact [EMAIL PROTECTED] UNSUBSCRIBE/MANAGE NEWSLETTERS ======================================================================== To subscribe, unsubscribe or change your e-mail address for any of InfoWorld's e-mail newsletters, go to: http://newsletter.infoworld.com/t?ctl=94EB0F:2B910B2 To subscribe to InfoWorld.com, or InfoWorld Print, or both, or to renew or correct a problem with any InfoWorld subscription, go to http://newsletter.infoworld.com/t?ctl=94EB11:2B910B2 To view InfoWorld's privacy policy, visit: http://newsletter.infoworld.com/t?ctl=94EB10:2B910B2 Copyright (C) 2004 InfoWorld Media Group, 501 Second St., San Francisco, CA 94107 This message was sent to: [EMAIL PROTECTED]
